Tag Archives: care.data

care.data communications and core concepts [Part two]

“My concerns about care.data are heightened, not allayed by the NHS England apparently relentless roll-out and focus on communications. Whilst they say it will take as long as it needs, there is talk of Oct-Nov. pilots. It is still all about finding the right communications, not fixing flaws in core concepts.”

For part one of this post see here >>care.data communications and core concepts [Part one]

1984Other sessions on the 17th Open House included:

Patient participation in general practice: exploring how can you be involved in the changes in general practice, including the introduction of the Friends and Family Test and changes to the GP contract in relation to Patient Participation Groups.

Patients Online: This session was to enable attendees to find out more about work to increase the number of patients who can access their health records online, book GP appointments online and order repeat prescriptions. The accompanying film was described by a fellow table guest as, ‘awful. Too long, dull and dry.’  It felt that there was a lot of weight given to this part of the day and that the uses of data during the event were all mixed into one pot. care.data will not be the source for patient online access, yet we came away thinking of the data as one source to enable that purpose. Poor communication or clever marketing, will depend on your point of view.

The big picture however, of how our health records will be used and bring benefit is in my opinion, being manipulated and purposes conflated to make one thing seemingly lead to another, which are in fact unrelated.

care.data is for secondary purposes, not direct care use by physicians for example. We are told this sharing of data is a requirement for other things as well. Firstly for patient safety and quality. And for integration between services.

Integration

Mr.Kelsey said at the Open House day, (around 36:00 minutes in, if you listen yourself) “we’ve all heard this word integration, I’m not terribly sure what it means, but I think what it means is that local people have a proper say in the way that health services are designed. So to give you voice, to give the local community voice, care.data is really important….”

I should hope that Mr.Kelsey has a jolly good understanding of integration and knows exactly that it is the merging of health and social care under the motto ‘transformation’. Social care under ADASS and health care are under all sorts of pressures to integrate, budgets are being pooled, shared and ring-fenced in various discussions, including my local county Health & Adult Social Care Select Committee:

“…Director Adults’ Services, told the (Chichester) Committee [9] in November 2013: The Care Bill would mean a radical whole system change involving the biggest ever transformational change for Adults’ Services The Council was building the foundations for further significant change.”
Perhaps on the day, he meant something else.

Mr. Kelsey did, in his speech note however, that the programme should be respecting the fact it is *their* data, *not* the NHSs. (This is in contrast to his previous position in which patients should not be given an opt out choice – Prospect Magazine, 2009 when his stance was “no one who uses a public service should be allowed to opt out of sharing their records. Nor can people rely on their record being anonymised”).

It’s an argument oft repeated that we should *own* our data, but somewhat meaningless if it took a campaign and public outcry to require an opt out mechanism, and put the programme on hold. I feel the language is being manipulated to create the impression we don’t already own or have rights to our health data. The opposite is true.  And many know that, just see the killer question below from Leicester. As long as records are held only at GP level, we will have much greater control and visibility of their use, than if shared centrally.

Many I have spoken with ask why it is not possible to leave data at local GP level for only clinical care, and extract nothing identifiable from hospitals without consent?

Other People’s Questions

In that vein, I summarise what 4 other people asked Mr. Kelsey and his panel in London about care.data on the day, and what I felt was missing from the answers to give balanced communications. The locations of about 80-100 people at each, were each allowed to put forward one question to the panel via web link, the question selected from all those discussed at the tables, by an organiser at the site. They covered Benefits / Data Uses / Confidentiality / Communications.

View them for yourself here, from 01:13.06 in the NHS Open House video:

Question selected to be asked from Basingstoke: “If people opt out of giving data will then the results not then be inaccurate?”

The larger volume of data, the better quality the data will be, the greater the benefits will be. Choosing not to opt out. That will, depending on the volume of that, affect data quality to a degree we won’t know that. Over time, once people’s concerns have been addressed, we hope that quality will improve.

Missing from the answer: [10] HES data is cleaned, SUS data is not, and both are known to have significant quality issues on validity and accuracy. The data has been extracted and stored for twenty plus years. Higher volume of data does not equate with a higher quality of data. You don’t make a better quality haystack, just by adding more hay. The volume of data is less important than it be representative of all parts of the population, but there is a risk that those opting out tend to be, as one GP has told me, ‘the white middle class and educated leaving others overly represented’. Only having more data is not a solution for quality.

*****

Question from Leicester: “Are we saying there will be only clinical use of the data – no marketing, no insurance, no profit making? This is our data.”

Panel: New legislation was brought in which made it very clear, data could only be released for the benefit for health and care, and it cannot be released solely for commercial purposes – yes, data can go to a private sector organisation, yes commercial companies, but only where they are working for the benefit of health and care, for example, Dr.Foster Intelligence, or other data information intermediaries who do a lot of work with data and who do a lot of work with the NHS to help inform decisions. Data will still be available to commercial companies. The other point, there is going to be independent scrutiny, which will be formalised within the law, to have independent scrutiny by the Confidentiality Advisory Group, which already exists which can independently scrutinise the releases.

Missing from the answer: care.data is not for clinical care. This indeed is our data and belongs to patients not NHS England, and should be respected as the NHS Constitution requires. Data continues to be released, and will continue to be so even under the Care Act legislation, to third parties in financial transactions. No recipient organisation by function (such as insurance) is excluded per se, rather recipients are judged based on their intended use of the data. The precise terms are open under the Act :

Care Act 2014****

Question from London: “How do you propose to reset expectations and perceptions, with any future communications, and  given that the way the first round was handled, provoked apparently such strong public resistance and suspicion about the NHS England motives?”

Panel spokesperson: We didn’t get it right the first time round, partly because we approached that at the National level. There was a leaflet that went out nationally. We will work with the 100-500 GP practices, and work co-produce materials in those areas and work with what is already there locally, GP practices, LMCs, PPGS, Healthwatch, using local knowledge, and patients so we can make sure everyone can understand, we understand how we can communicate this, what the concerns are, so we can get the message across, so everyone can understand what the choice is and what this is about.

Mr.Kelsey added: …[…]This isn’t about us and you, this is about us collectively. How do we ask patients and citizens for permission to use their personal information…we need to get that conversation right.”

Communications materials

Draft FAQs and information sheets to use in those conversations were on the table for participants information and to take away. The Data Uses page wording is interesting but poorly phrased, as it misled a couple on my table to think the ‘extraction’ was not identifiable. (see point 9 above). And the Benefits case study header is “How might it reduce variations in cancer treatment & care” but concludes that actually the Cancer Registry already does this, and they instead mean something similar would be useful for diabetes. This misuse of benefits makes me think, they’re finding it jolly difficult to find real ones. But if we all at these public meetings, believe the presented stories with the positive spin as fact, then fact they will become.

“And if all others accepted the lie which the Party imposed—if all records told the same tale—then the lie passed into history and became truth.” (George Orwell, 1984)

What next?

It is vital in my mind that care.data communications match reality of what needs done technically and in procedures, to drive expectations of what care.data will deliver and when. Why does an easy read brochure make no mention whatever of who data may be sold to? There is no mention of what organisations continue to receive HES and wider data. Instead it talks about data being shared to ‘know the health needs of everyone’ yet the very people who are outside the system are the ones whose needs we don’t know today – there is a huge amount  known from the rest of the existing patients’ needs from QOF and other GP data extractions, even that used in CPRD for research – purposes for which GP records under care.data are not approved.

The current doublespeak between the comms message and the reality are so far apart, between the technical possibility of what can be done well now, and what needs done to achieve the hoped for benefits, that the current message is setting up the project for failure and benefits will not be realised any time soon. It’s not ready to roll out through ‘improved communications’.

To be fair, the smaller workshop I attended on the 27th, flagged ‘still need to consider how best to engage here’ with many population groups. But it appears to me the Communications teams are effectively doing their best to package something which is not ready to be wrapped. To dot the i on the report, when the chapters aren’t in place yet.

“They were engaged in producing something called an Interim Report, but what it was that they were reporting on he had never definitely found out. It was something to do with the question of whether commas should be placed inside brackets, or outside..” [1984, George Orwell]

I’ve worked on both technical and change management/ communications teams [in another industry]. Project teams’ close working and each having an understanding of the other is vital. But the team members I have met so far, appear to work in silos, without enough linkage to know the functional gaps between them, in technical system, procedures and the link to change & comms. There is no way in my lay opinion, that a pilot of these half-formed knowns will be ready for autumn. For the NHS England leadership to continue to plug that it is, with messages of emotional manipulation of why more data is needed, will condemn care.data to Room 101.  A tortuous drawn out reformation of an existing concept. When really it needs planned afresh from the ground up to get the needs of the people it should serve designed into its consent, collection and communications processes – not added on as the ribbon at the end.

I was more optimistic about the benefits in the past, as long as the procedures around consent, governance and security were addressed. Having spoken with and listened to the needs and concerns of various charity representatives this week, at another smaller event, I am much less so.  Their complex needs, people who go in and out of different parts of the health and social care system at different times in their lives, with real concerns around confidentiality and risks have not begun to be addressed. Real issues for all of disclosure to GPs to ensure care may affect us all. But for many of their clients, they have needs which often carry huge trust and security issues which could put not only their medical care, but their faith in the charities and people working with them, in jeopardy.

I may be in a minority, but I’d rather have my factual understanding and ask hard questions than hear only a tailored communications message, if we are to get this right for our public good.
“Being in a minority, even in a minority of one, did not make you mad. There was truth and there was untruth, and if you clung to the truth even against the whole world, you were not mad.” (George Orwell, 1984)

I therefore asked the group at the end of the morning workshop, as Mr.Kelsey had done at the Open House event, how many of the attendees were really comfortable and confident that they knew what care.data was so that they could be a go-to point for questions, or even advocate for the programme as NHS England hoped.

Did they understand what data would be extracted, why and used by whom. About 1/6 raised  a hand. That’s *after* the event at the end of the morning spent discussing what issues exist for hard-to-reach, or as one attendee said ‘easy-to-ignore’ groups, and how communications channels will reach them.

One said he did not need to know all the facts to help be a comms channel. Another said he wouldn’t advocate for something he himself did not believe in. It was the first time we started to get genuine cross-group discussion, when in the meeting the table model had been employed again, but for those groups, disabilities, challenges, societal issues are not in silos.  Real debate, of hard issues is needed, and yes it’s awkward and might not be able to be ‘managed’ in the same way, but it’s real.

Our group identified a similar basic concept need across their client interests – a rolling consent model which allows opt in and out to change over time. Consent not only for what parts of planned uses the data would be used, but should also consider what parts of the record they are happy to share. Military, youth offenders, teens, the at-risk nature of these groups may mean they wish sections of their history to be restricted if not used for clinical care. And they may wish to share data when under the care of a GP but restrict it again, when under a military one. Or teens may be happy to permit data sharing at another time in their lives, but not permit access to their whole history. The DH Youth Offender expert raised the prickly issue of teen confidentiality and how will consent be gathered when parents may not tell them about the scheme at all, thinking there is ‘nothing to know’. We explained the concept of Gillick to the comms staff and that it’s not about an age of consent in the normal legal sense. What happens if a teen finds out their data has been extracted and wants it removed as teen or adult? We asked about name stored in the Personal Demographics Service and asked why data could not be deleted if clinician and patient both agreed a mistake had simply been made.

These complex and simple core questions need asked to get the whole thing built on a sound and trusted foundation. And they need to be in place for a pilot to make it worth having at all.

If the needs, concerns and understanding of the reps in the room can’t be addressed in a dedicated workshop, how will a remote campaign achieve it for the population at large?

Some at our table asked why the system needs  more data when you haven’t managed or used much of what we had in the past? I would also ask what progress is to be expected on unresolved quality and procedural issues with the current systems and data? Simply adding more hay to make a bigger haystack, does not make it easier to find a needle.

No wonder we can ask if it is really not just about commercial uses which comms don’t want to talk about, wonder why you never mention the data linkage service using PDS data [5] held and have concerns of overzealous surveillance by Big Brother.

There are risks becoming so heavily reliant on centralised data. Recently, patients have been wrongly deleted from GP lists, leaving them without a doctor through the cleaning firm’s administrative or process error.

Some are concerned that patients lose trust in their GP and withhold information. Others about this honey-pot of data for the individual citizen’s security. Professionals have voiced concern for GPs and consultants if factual misrepresentation  by statistics used for ‘ranking and spanking’ will adversely impact their decision making and make them more risk averse. In a negative way. Or with respect to waiting times and treatment, the heavy use of data in measurement creates a risk that it is misrepresenting the facts through lack of context or even, as in several high profile press cases recently, that such pressure is felt, that records are falsified.[12]

“And when memory failed and written records were falsified—when that happened, the claim of the Party to have improved the conditions of human life had got to be accepted, because there did not exist, and never again could exist, any standard against which it could be tested.”                                 (1984, George Orwell)

I’m concerned about all of the above. Perhaps holding care.data in room 101 until it is a manageable and explainable concept, backed up with technically and procedurally sound processes, would be the best place for it, for some time to come. Results and expectations create failure if they cannot marry up in reality.  This isn’t about communications. If you don’t really know what you’re communicating and can’t get it understood easily, then it’s back to the drawing board.

My concerns about care.data are heightened, not allayed by the NHS England apparent relentless rollout and focus on communications. Whilst they say in doublespeak it will take as long as it needs, there is talk of a Oct-Nov pilot launch. A pilot must test the finished model at small scale, not a less-than-half-ready one. Whilst the public push is all about finding the right communications, what is needed is fixing flaws in core concepts.

Doing without it, and waiting, would be better than doing it wrong.

*****

For part one of this post see here with ten learnings from event feedback >>care.data communications and core concepts [Part one]

UPDATE: 3rd July 2014 – If you want to give your views on proposals to introduce tighter controls and safeguards on the use of personal health and care data do so by 8th August to Room 2N12. https://www.gov.uk/government/consultations/protecting-personal-health-and-care-data

Or respond online here> http://consultations.dh.gov.uk/data-sharing/protecting-health-and-care-information

[links 1-8 reference Part One]

[1] The NHS England Open House recording June 17th http://www.nhsengland-openhouse.public-i.tv/core/portal/NHSopenhouse

[2] IPSOS Mori poll conducted for the Joseph Rowntree Foundation: http://www.ipsos-mori.com/Assets/Docs/Polls/jrrt-privacy-topline-nhs-2014.pdf

[3] My post on uses of our records with commercial Data Brokers – http://jenpersson.com/flagship-care-data-2-commercial-practice/

[4] The Information Governance Review ‘Caldicott 2‘ https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/192572/2900774_InfoGovernance_accv2.pdf

[5] The Personal demographics Service at HSCIC (including name) http://systems.hscic.gov.uk/demographics/pds/contents

[6] The Data Linkage Service at HSCIC http://www.hscic.gov.uk/dles

[7] The Partridge review: http://www.hscic.gov.uk/datareview

[8] Summary Care Record use statistics https://www.whatdotheyknow.com/request/scr_care_settings_with_viewing_c#incoming-446569

[9] Minutes of the November Health & Adult Social Care Select Committee in Chichester http://www2.westsussex.gov.uk/ds/cttee/hasc/hasc141113ucmins.pdf

[10] The Quality of Nationally Submitted Health and Social Care Data, England – 2013, Second annual report, Experimental statistics – http://www.hscic.gov.uk/catalogue/PUB11530

[11] My post on commercial use of data with brokers

[12] Falsified hospital waiting times: The Telegraph http://www.telegraph.co.uk/health/healthnews/10590713/One-in-four-hospitals-records-false-waiting-times.html

***

Sales of 1984 have rocketed since the Snowden story broke in 2013: http://www.latimes.com/books/jacketcopy/la-et-jc-nsa-surveillance-puts-george-orwells-1984-on-bestseller-lists-20130611-story.html

Hear no evil, see no evil, speak no evil – the impact of the Partridge Review on care.data

3wisemonkeysThe Partridge Review came out on Tuesday 17th and everyone should read it. But not just the summary. Both the full version and [1] summary are here.

So what is positive about these massive revelations? At long last it appears that the hands have come off the ears and the real issues are being listened to.

My summary: “NHS England cannot now put a hand over its eyes & hope care.data issues are only about communications.”

I feel somewhat relieved that the issues many have been concerned about for the last ten months, have now been officially recognised.

Amongst them,  it has confirmed the utter lack of clear, publicly transparent and some quite basic, governance procedures.

It’s no surprise then, that our medical records, on at least two occasions in this sample 10% review of the releases, have gone to undocumented destinations. (Let’s ignore the fact of the other 90%!? of which we have no visibility yet).

At least eight insurers or re-insurers were in this 10% sample, so how many times did such companies get it, in the other 90% which has not been reviewed and we haven’t heard about?

How will ‘promotion of health’ purposes exclude them in future? In my opinion, it won’t.

Why would an insurance company be excluded if it requests data in order to provide health care coverage?

This is the wording of the Act, not ‘for the benefits of the NHS’ or any other more ‘friendly’ patient facing framing.

Care Act 2014At the NHS Open Day on Tuesday, the same day as the release, a panel spokesperson stated that commercial information intermediaries [2]  will continue to be approved recipients. Gah – why this is such a bad idea, I wrote about here. [3]

The Partridge review said there had been no complaints.  [4] MedConfidential pointed out an example of those of which they know. Kingsley Manning told the Health Select Committee [5] on 8th April, there had been seventeen opt outs of Hospital Episode Statistics, ever.  Fourteen in 2013 and three prior to 2013.

“Q377Chair: There is not an opt-out rate for care.data yet, presumably.

Kingsley Manning: No, not on that, but in terms of the number of people who have acted to opt out, it is 3 opt-outs up until April 2013 and a further 14 opt outs since 1 April 2013.”

Would I be wrong to suspect each was accompanied by a  complaint? You don’t usually opt out of something you are happy with.

The reason for these low numbers of both complaints and opt out in the wider public? WE DID NOT KNOW. The public didn’t know we had anything to be unhappy about. Many still do not.

As soon as I fully understood the commercial selling of my family’s patient records, this below is the query for advice / complaint I made in January to ICO, before the launch was postponed.

I wanted some guidance from an outside body, because I was being told the law permitted this extraction, so what good would a further complaint to HSCIC do? I had already written to my MP and had a response from the Secretary of State / Department of Health (which tried to tell me patient identifiable data was not shared with third parties), as well as feedback to my concerns raised by email with HSCIC, all of which only tried to reassure me. I had no one to otherwise raise concerns with. The ICO advisor I spoke to told me at that time, that they had had many similar complaints.

I’ll be blunt and say now, especially since the Open Day [more on that later, especially on the content of care.data FAQs we received], I think it’s fair to say I am far better informed about care.data than most in the public. When Mr. Kelsey asked for a show of hands, how many had heard of care.data, all put their hands up. Bearing in mind the rooms were full of highly involved people, NHS England staff, CCG and PPG leaders, and few ‘ordinary patients’ like me, and the agenda contained a section on care.data, it’s unsurprising we had heard of it. When Mr.Kelsey asked, “how many of you understand what it is?” the response was around 50%. I’d dispute also, that all of those 50% truly do.

Some of the comms material we were given is factually incorrect, for example, around research. Currently, GP held data planned for care.data extraction and its merger with HES, into Care Episode Statistics (CES), is approved for commissioning purposes but not for research by the GPES group. It’s not approved for research purposes, so its no good telling us how good it is to have it for the benefit of research. What has already been released for research, and continues to be so, is what was already extracted in the past, with or without consent, and informing patients.

Records will not be deleted which raises all sorts of historical reporting concerns if mistakes are identified in retrosepct.

I have spoken with several NHSE Communications people who genuinely asked me, or left me asking the question for them in my own mind, “If I don’t understand it, then how is the public expected to?”

The concerns I had now almost five months ago, seem vindicated by the report. The actions taken since, the loose wording of the Care Act 2014, and little evidence of intention to make any change which is binding i.e. the opt out is only granted at the whim of the Secretary of State, it’s not statutory and that there is no independent governance to be put in place , have done nothing to bolster my confidence these gaps have been filled.

Simon Denegri, Chair of INVOLVE – the UK’s national advisory group on public involvement – and NIHR National Director for Public Participation and Engagement in Research, wrote a response on his blog [6]. I agree with the spirit of his post, and positivity, [he also writes excellent haiku] but where I disagree I outline below. There is room for positive hope for care.data, but first, let’s properly address the past.

“I am sure that many better informed people than I will pore over the detail. Others will use it to strengthen their case that we should put a stop to any manner of data sharing.”

Perhaps most key, I disagree with his fears the report could be used by ‘others.’ I don’t know anyone who wants to see a stop to ‘any manner’ of data sharing, including me. It’s the *how* and *why*  and *with whom*  that still needs work. Some of us may not want it without active consent, but that is part of the how, not if.  It’s not *any* manner that I object to, it’s *this* manner specifically.

I have read the Review in detail and whilst there is much positive in attitude in the Review, the reality of what difference this will make with any real bite, is hard to find.

For example, “The HSCIC will plan a new ‘data laboratory’ service which will protect the public’s information by allowing access to it in a safe environment with HSCIC managed networks and facilities.”  But this is with caveats, as it’s the “default,” Tim Kelsey said on Tuesday to the NHSE Open House. It does not mean *all* and if global third party intermediaries and business intelligence companies are still to receive data, then I can’t imagine the  global likes of IMS Health, or Experian, or Harvey Walsh will send someone along to Leeds every time they want to extract data. Who will  be given special permissions and how will they be decided and recorded, how will it be documented what data they access, if they get a free pass?

Unknown others have direct access to the HES system now through HDIS. Public Health should rightly use our health data, but a  transparent list of all approved organisations here too, would be a positive step.

Simon’s post continues,

“As you would expect from a previous Chair of INVOLVE, Nick Partridge, has secured fundamental changes in the governance of HSCIC and data releases going forward.  These include patients and the public sitting on the main committees reviewing data releases, open publication of data releases and a programme of ‘active communication’ with the public”.

Patients and public on the DAAG committee. If they are informed about data governance law and good practices, yes, if it’s just ‘representative’, not so useful. But DAAG is HSCIC staffed, and HSCIC has a legal and policy remit from the Department of Health and in its roadmap to distribute data, and will create ‘a vibrant market of data intermediaries’, as it would be wrong to exclude private companies simply on ideological grounds.  So the concept of ‘independent’ is flawed. Where are the teeth needed to reject an application, if it’s in the interest of the reviewing body, to accept it?

“It’s my view that the Partridge review, its recommendations, and the swift response from the Health and Social Care Information Centre (HSCIC), offers us the opportunity of a fresh start with the public on this issue.” [S.D.]

This could be used as an opportunity to brush the past aside and say time for a fresh start, but it can only be so if there is confidence of change.

NHS England cannot now put a hand over its eyes and hope the issues go away or that it’s only about communications.

The past needs fisking, issue by issue, to avoid they happen again. And the real risks need addressed, not glossed over. Why?

Because let’s assume the public all thinks it’s fine, and none of us opt out. Then through these still flawed process holes, a huge data leak. The public loses trust all over again, and the opportunity for the care.data benefits is lost forever.

Get it right now, and you build a trustworthy and seaworthy future, for the future public good.

There are other more detailed questions I would raise, [I previously worked in functional database design amongst other things] and I will believe these recommendations will have an effect, if and when I see the words become actions. The Review by PwC and Sir Nick Partridge is a positive listening and speaking exercise, but the plans must become reality with actions, some under legislation, in my view.

And perhaps the simplest, unspoken point seems to being deliberately ignored as if just not seen, unmentioned, except by data protection gurus [7]. There is legal obligation to provide information to citizens before their data is released, in a transparent way, to whom and for what purpose. What happened to Fair Processing? [8] Past and present?

Sir Kingsley Manning, Chair of HSCIC, asked in the Guardian on 22nd January [9] that we have ‘intelligent, grown up debate’ about data sharing. Well my hand is certainly off my mouth. I wrote a feature in my local paper and I’m still speaking to anyone I can to promote fact-based informed decision making.  But wider Public Debate is still sorely lacking [BBC Question Time anyone?] Through it, I’d like to encourage wider knowledge of the why, who and what of secondary purposes of data sharing and to ensure we can get it done transparently and safely.

Why?

To ensure we, as patients, continue to trust telling our GPs and hospital consultants all the information that we need to, and have no fear it will be held against us by an insurer or others.

We need to trust we will not be penalised whether through disclosure, by stigma and exclusion from policy or care; or whether by opting out, we could be penalised for not participating and not get ‘advantages’ offered to others, just like store loyalty cards.

We may think the insurance debate is irrelevant, if like me, we are not ‘self-payers’ or don’t use a private insurer. With a £30bn gap in planned budget and needed spend over the next five years, someone is still going to be paying for our healthcare.

If it’s not the State, then who? The risk more of us will pay for our own care in future is real. If not for us, for our kids, and their privacy will be a whole different ball game if genomics gets involved.

Meanwhile, we are told for care.data identifiable personal data is crucial for patient safety tracking. In my opinion, patient safety will be harmed if confidence in confidentiality fails. The relationship between clinician and patient will be harmed. And no number of Dr. Foster Intelligence reports by tracking quality or safety, will be able to fix those failures which it has helped create.

Perhaps most tellingly, NHS England is still to make a statement on the Review. There is no news yet here.

It still seems to me the NHS England leadership and its data sharing policy carried out through IC past and present, wants to continue without grown up debate under the PR motto ‘it’s all going jolly well’, and to act with the attitude of a teenager, who with a shrug of the shoulders will tell you:

‘It’s easier to ask for forgiveness than permission.’

***********

January 25th, 2014 – my ICO complaint / guidance request

{abbreviated only to show  issues I feel still need addressed}

Dear ICO
I would like to ask for your urgent advice.

I am a mother of X children under 12. […] Our confidential patient data is being extracted via care.data to the HSCIC. Until my recent research to understand what this was all about, I did not know that HSCIC stored all our patient confidential health data from all sorts of health providers: Hospitals, Mental Health, National Child Measurement Programme, [10] Immunisations and Health visitors.

I have not knowingly given my permission for our data to be stored or transmitted to or from HSCIC in any format in the past. If by signing a consent form for treatment I also signed consent for sharing with this central body, it was without my knowledge and therefore without informed consent.

I have significant concerns over its use, now that I understand how widely our patient data may be used and now even shared abroad. [11] […]

There is no public information on :

1. How long our data will be stored for  – data retention and data deletion and cross border governance
2. There is no opportunity for health record deletion of anything which was simply a mistake i.e.: recorded on the wrong record, or a misinformed opinion on lifestyle entered by the GP, not fact
3. How will future governance be assured that it will not be slackened to allow less strict pseudonymisation, and identifiable releases; for example to US firms who establish themselves in the NHS England healthcare market?

I do not believe that the legal rights created through the Health and Social Care Act are sufficient justification to overrule the Common Law of Confidentiality, and the Data Protection Act 1998. [And the data shared before 2012 was not covered by the Act which did not exist and was not retrospective.] Even if the dissent codes are applied, patient data has been or will be extracted to the HSCIC (without my permission) and it will contain identifiable items such as clinician name, practice and CCG locations, and referral dates which may be used as identifiers to connect with HES data stored at HSCIC – since HSCIC also holds data in the Personal Demographics Service [PDS], [12] I believe they may also link the data [13] then to my personal demographic identifiers. Just an undefined or internal  governance procedure to suggest that they would not, when it is technically possible, is not sufficient oversight. […]

I do not consent for the use of our [hospital HES or other] data in health research – because it has not been explained to me, what that term means and the implications of this assumed consent.

I cannot know what the other future uses will be for our health information stored today. I do not feel that I can apply any fair processing to their health records due to the lack of publicly available information and scope of the full uses of their data today and in future. […]

Sincerely,
Jen Persson
XXXXXXX

———————————

[1] The Partridge Review Summary and Full report http://www.hscic.gov.uk/datareview

[2] On selling data to Intermediaries and the governance which permits it  https://medconfidential.org/category/press-releases/

[3] Commercial users of NHS patient data – third party use – my blog http://jenpersson.com/flagship-care-data-2-commercial-practice/

[4] Complaints and why confidence needs restored https://medconfidential.org/2014/press-release-partridge-review-patients-need-proof-to-restore-confidence/

[5] Health Select Committee 8th April 2014 http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/health-committee/handling-of-nhs-patient-data/oral/8416.html

[6] Simon Denegri’s blog response to the Partridge Review http://simondenegri.com/2014/06/17/partridge-reviews-elegant-demolition-of-past-practice-on-personal-data-offers-opportunity-for-fresh-start-with-the-public/

[7] Information Rights and Wrongs – Jon Baines’ blog http://informationrightsandwrongs.com/2014/06/18/the-partridge-review-reveals-apparently-huge-data-protection-breaches/

[8] ICO Processing Data Fairly and Lawfully http://ico.org.uk/for_organisations/data_protection/the_guide/principle_1

[9] The Guardian, January 22nd 2014 ‘Lack of Debate on the Sale of Patient Information‘ http://www.theguardian.com/society/2014/jan/22/debate-sale-patient-information?CMP=twt_gu

[10] National Child Measurement Programme data managed by HSCIC http://www.hscic.gov.uk/ncmp

[11] Data use in the USA Memorandum between DH, HSCIC and the US  Dept of Health and Human Services to include exploring secondary stores http://www.healthit.gov/sites/default/files/hhsnhs_mou_final_jan_21.pdf

[12] Personal Demographics Service http://systems.hscic.gov.uk/demographics/pds/contents data already stored at HSCIC

[13] Data Linkage Service at HSCIC to manage the requests for data which is stored in different silos and brought together on request http://www.hscic.gov.uk/dles

Image courtesy of an interesting post on the history of the featured monkeys: http://frontiersofzoology.blogspot.co.uk/2013/04/why-are-three-wise-monkeys-usually-apes.html

Flagship care.data – [2] Commercial use with the Brokers

“If our health records should sail off in the flagship care.data programme, on the sea of commercial Big Data, are we confident that there is consent, fair processing, transparency, accountability, security and good governance? We must know that these basic mainstays are in place, to give it our support.”

“He that filches from me my good name, robs me of that which not enriches him, and makes me poor indeed.”                     William Shakespeare, Othello

I read this Shakespeare quote last week, not in the original but in the statement Data Brokers: A Call for Transparency and Accountability by US Commissioner of the Federal Trade Commission Julie Brill, May 27 2014. [1] . Since then I have tried to piece together a lay consumer understanding, of how this commercial data market works and how our health records fit in. Experts in data markets and many others will undoubtedly see how naïve it is. But by sharing my ordinary understanding as a mother who is thinking about the impacts of my shopping habits and upcoming care.data decision will have on my children’s future, perhaps I can highlight how trusting we are, and why those governing our data need to ensure the processes around our data are worthy of that trust.

The Commissioner begins:

“Data brokers gather massive amounts of data, from online and offline sources, and combine them into profiles about each of us. Data brokers examine each piece of information they hold about us – where we live, where we work and how much we earn, our race, our daily activities (both off line and online), our interests, our health conditions and our overall financial status – to create a narrative about our past, present and even our future lives. Perhaps we are described as “Financially Challenged” or instead as “Bible Lifestyle.”

Perhaps we are also placed in a category of “Diabetes Interest” or “Smoker in Household.” Data brokers’ clients use these profiles to send us advertisements we might be interested in, an activity that can benefit both the advertiser and the consumer. But these profiles can also be used to determine whether and on what terms companies should do business with us as individual consumers, and could result in our being treated differently based on characteristics such as our race, income, or sexual orientation. If data broker profiles are based on inaccurate information or inappropriate classifications, or used for inappropriate purposes, the profiles have the ability to not only rob us of our good name, but also to lead to lost economic opportunities, higher costs, and other significant harm.”
In other words, organisations, which we may not know store our personal, sensitive or confidential data, use it to classify, segment  and label us. In this environment when third parties it seems know more about us than we may know ourselves, it would seem prudent to want to control and understand what data is held by whom and how they use it. Especially, if in her words, “the profiles have the ability to not only rob us of our good name, but also to lead to lost economic opportunities, higher costs, and other significant harm.”

This is why it matters what is being done at break-neck pace to extract and share our health records in England.

I believe we are not yet sufficiently aware of how our data is used by these intermediaries, and if we were, we’d be horrified. We are complicit consumers in how our data is used with minimal understanding. We’re prepared to unwittingly trade a little privacy with the supermarket, to get our discount vouchers through the post. But we don’t look beyond that to understand what price we are paying and how our commercial interests may be harmed, in much more significant ways than £10 discount or a Legoland entry may compensate. Just like our food, the public are complicit [2] in our own downfall, accepting the marketing spin. We don’t understand credit ratings [3] and risk scores, and even if we do, most consumers don’t know data brokers offer companies scores for other purposes unrelated to credit in an onward chain of reselling. Data can be inaccurate, we are unaware of how to manage or correct it, how we are labelled by it, what opportunities it may restrict as highlighted in the report. We should be better informed.

I’ve recently learned how these, “powerful cross-channel consumer classifications help companies understand the demographics, lifestyles, preferences and behaviours of the UK adult population in extraordinary detail.” [4] demonstrated by Experian.

That they understand and track my behaviours probably better than I do, and at such detailed level, I find surprising and invasive. “Within rural areas we are able to pick out the individual households that are likely to be commuting to towns and cities nearby…” I’ll go more into that later.

It has come to the attention of the general public,  only in the last 6 months, that our hospital episode statistics (HES) and data from other secondary care sources, have been on sale in this consumer market. As I said in a previous post [5], a year ago, in April 2013, The ‘Health and Social Care Transparency Panel’ discussion on sharing patient data with information intermediaries stated at that time, there was no legitimate or statutory basis to share at least ONS data [6] in that way for commercial purposes:

“The issues of finding a legitimate basis for sharing ONS death data with information intermediaries for commercial purposes had been a long running problem…The panel identified this as a significant barrier to developing a vibrant market of information intermediaries.”

The HSCIC at that time saw a “vibrant market of information intermediaries, for commercial purposes” using our personal records as desirable and indeed, as Sir Kingsley Manning’s comments to the Health Select Committee demonstrate, in their DH handed-down policy remit.


In this way, companies who process data such as Beacon Dodsworth received data in the last year and offered it for commercial exploitation by others “HES data may be used by pharmaceutical companies “to improve [their] social marketing / media awareness campaigns”. Others included  OmegaSolver [7] and Harvey Walsh [8].


Some of that data goes back into our health market as business intelligence, both for NHS and private use, for benchmarking, comparisons and making commercial decisions. In our commissioning based marketplace [9], now becoming normalised.

Through the press earlier this year, and the first data release register [10] we have come to understand in part, who is using it and at least in part, how. Aside from bone fide public health planners and health researchers, and the intermediaries using data for commissioning support tools, recipients include these commercial companies and third-party intermediaries exploiting the data as a commodity. Organisations which may buy raw data and sell it on, or process it and sell that data mined information onwards. Organisations after which, Chair Kingsley Manning told the Health Select Committee, [11] we have no idea whom all the end users may be. He indicated the progress that is needed and that HSCIC is already working on improvements, stating the view that “the process HSCIC inherited was no longer robust. ” Q285

“Kingsley Manning: I realise that, and may I come back to that? That is why, specifically with regard to the sets of data that are covered by data-sharing agreements, I took the view that the process that we inherited was no longer robust. We have therefore been in the process of changing the management and the processes, and we have voluntarily adopted a process of being much more transparent about the process and about the data releases we have made.

              Q286Barbara Keeley: But what I was trying to get to was the concern.  We are just looking for transparency and honesty here. On all the data that was previously released through these commercial reuse licences where there are end users—the question that the Committee wanted to put to you—you are unable to say what are the uses to which the data release under those licences may be put, what controls are in place and what information is provided—you don’t know. With the whole 13 years of the HES database and however many million records have gone out to one of these providers that then provides on to others—in the United States, this has involved putting up the data on Google cloud, and we are not sure of the security of that—you can’t say. You should admit it now. If you can’t tell us where all that data is and what all its uses are, it seems you can’t. You have already admitted that entirely commercial market uses—

              Kingsley Manning: The control is through both the overriding regulations established within the Data Protection Act and the data-sharing agreements that we enter into with people, which specifically allow the reuse of data with safeguards with regard to anonymity.

              Q287Barbara Keeley: So you have no idea who the end user is. You have no idea if they are using it properly because there is no audit.

              Kingsley Manning: And that is in accordance with the law and the regulations as they stand today.

              Q288Barbara Keeley: So, just to be clear, audit is not going to be possible for all the uses and all the end users. The data is out there. You have licensed people to use it and other people to buy it, and there is no control over that—it is just out there.

              Kingsley Manning: I don’t accept there is no control. There is control established in accordance with law and the regulations as they are today.

              Q289Barbara Keeley: But you are not able to say who is using it and for what reason. You are not able to say that.  There are end users out there.

              Kingsley Manning: No, because we have a large range of organisations that we have been encouraging. Government policy has for a long time been to encourage the use of this data to advance both the health and social care system in this country and the economy. If, for example, we supply pseudonymised data to a drug company to help it to develop a new drug, we do not know the end users beyond that organisation, but that is perceived as being a task and a function that we have. It is done in such a manner that the data is safe and secure, and is not identifiable back to an individual.

              You may wish to change the base upon which we act. We absolutely welcome the suggestion that we should submit these to the confidentiality advisory group. We have identified a number of cases where we think its guidance would be very helpful, including in this area. We would absolutely welcome that, but I am afraid we cannot make up the rules that we act by.”

This is what concerns me, if the purposes and permissions granted for care.data are to be defined by the reason why recipients get data for the “promotion of health ” [12] and that their worthiness to receive data is based on,  a wooly, undefined notion of whether it will improve care or promote health. It cannot be transparently judged if many users of data are intermediaries with re-use licences, if even the HSCIC doesn’t know who all the end users are, and does not routinely audit them. Nor can anyone know how identifiable therefore the accumulated data sets may be.

If HSCIC does not track each release, each time, each recipient receives data, how do they know every time a new request is granted, how much of the jigsaw puzzle for any given individual, is left to complete?

If you don’t know who they are, how can you govern them and what they do with our data? How on earth can anyone judge how they will be for purposes in the Care Bill 2014 of:

(a)the provision of health care or adult social care, or

(b)the promotion of health.

How can the data controllers judge whether that  release, together with all the data these companies already hold, will not do us ‘significant harm’  in the words of Commissioner Brill, of the Federal Trade Commission? Will it not by its nature of labels discriminate against segments of our society, whom the data owners select, based on information beyond our visibility or control? Is society which is segmented and stratified at risk of every increasing inequality? Disability groups for example, may feel at increased risk of stigma or exclusion. David Gillon [13] addresses this in his post here. How can individuals determine if releasing our data to these companies is in our own, or the public interest [14]?

Impossible if we don’t know who they are, and we don’t know what they already hold. A model which is hardly transparent nor conducive to trust.

Dr.Neil Bhatia in Hampshire, a GP who founded the non-commercial website care-data.info, asked HSCIC in an FOI request for the data *about him* which was released to these type of intermediaries. He was told this week, that the data controller, the Health and Information Centre, does not know. We can then only surmise, if our individual data was contained in pseudonymous bulk data transfers in which there remains ‘a latent risk’ of identification. So from the released data register, we should look at what types of companies are using pseudonymous data. We are also told that penalties may be imposed, or even ‘one strike and you’re out’ for misuse of data. Until now at least without robust audit procedures, I believe we’d never know. So how could data be better secured?

There is talk of a ‘fume cupboard’ access, [15] or giving customers data only in query format, instead of giving out raw chunks of the database. But the Care Bill certainly didn’t legislate for any changes in those types or indeed any governance procedures. We can only wait and see if talk becomes reality and how we can trust it becomes a secure policy and stays so, after we entrust our data. There is no delete button after all.

The Secretary of State wrote on April 25th [16], asking to ensure current practices are up to the task, but as polite as it is, a letter is no form of governance. On June 12th, HSJ [17] reported that the HSCIC has ordered a significant number of trusts to “promptly” delete a series of datafields, which it claims could put patients at risk of being identified, because some of the information in “secondary uses service” that they had submitted to the agency had been entered in an incorrect way over ten years. The good news in this, is it would appear progress is being made in audit, and these errors are being addressed.

However, it highlights the issue created when you release raw data beyond your control. It will mean that organisations who should not have received data, did. How now is that data to be removed from information into which it has become? It will now no longer be raw numbers, but be in graphs, comparative studies and have been inexorably merged with other data. Unlike Cinderella’s carriage, it’s not an automatic process that the raw materials, the data, returns to its previous state after it has become enhanced, turned into business intelligence. The raw files may be traced, removed and deleted, but the knowledge it has turned into, will be almost impossible to find and delete. The links between the two may have disappeared into thin air. Harder to find, than the owner of the glass slipper. An impossible audit trail.

An audit process on leaving the trusts and upon arrival at HSCIC and on leaving HSCIC – at least a three place checkpoint – is what I would have  been familiar with in the past for payroll & personal data. It seems that audit procedures for our health records, have just not kept up with the speed at which the data has been sent out on the open seas, and there has been no audit.

Q287Barbara Keeley: So you have no idea who the end user is. You have no idea if they are using it properly because there is no audit.

  Kingsley Manning: And that is in accordance with the law and the regulations as they stand today.”

It’s not to say there are no controls. We are told that data sharing agreements prevent data provided being matched with other data held, which prevents making individuals identifiable. However, as I’ll look at in my next post, I don’t think it even has to get the the person level to be sufficiently identifiable as to be discriminatory. The segmenting of society at group level, at household level, with detailed understanding of our behaviours, is sufficient, aside from the identifiable individual level data these companies hold for identity verification and so on. When companies extract and store raw data, we have no idea where and with whom it lands up. I’ve been completely surprised by what I have learned in the last few weeks how these third parties use our data.

The current controls around and governance of our health data remains unchanged by the Care Bill.  Through policy, law and directions the HSCIC has

…”licensed people to use it and other people to buy it, and there is no control over that.” [12]

As Sir Manning said,

…”because we have a large range of organisations that we have been encouraging. Government policy has for a long time been to encourage the use of this data”

Controls may be in line with policy and the law, but I believe it simply hasn’t kept up with the functional need for a decent governance framework.

Julie Brill’s Statement made a recommendation:

“A second accountability measure that Congress should consider is to require data brokers to take reasonable steps to ensure that their original sources of information obtained appropriate consent from consumers.”

Accountability in the UK of these data brokers seems quite absent in real terms, unknown to the public at large.

The same core issue identified by Julie Brill in the US, lack of informed consent. If we don’t know you have it, how can we ask to check if it’s correct or who uses it? In an era of borderless electronic data transfers, we should seek to put in place the highest standards as common denominators, and in terms of privacy, there are lessons worth learning from the US actions post Snowden which in the UK, we have not yet begun.

If our health records should sail off in the flagship care.data programme, on the sea of commercial Big Data, are we confident that there is consent, fair processing, transparency, accountability, security and good governance? We must know that these basic mainstays are in place, and will stay so in future, to give it our support. Well governed data is more likely to get our trust, therefore our consent and be of better quality for buyers.

We must also not forget to clarify why it is our records are needed in the broad and undefined care.data scope that we still have not seen pinned down. Is the public good really defined for care.data and does it outweigh the private long established rights of consent and confidentiality? Do we trust these commercial company uses to do “no harm” as the US Commissioner of the Federal Trade Commission examined?

…”the profiles have the ability to not only rob us of our good name, but also to lead to lost economic opportunities, higher costs, and other significant harm.”

When we visit a medic we are vulnerable, ill or in need of help. We entrust our knowledge in confidence, and trust it will be used for our care. A whole hotchpotch of other indirect uses, including commercial exploitation is not what we expect. We need to trust the data we give away to local staff,  is processed appropriately all the way up the data chain, when it is stored, when it is released and beyond. For now at least, it appears citizens can only control the one point at which we first give our data up. After that, we have faith that those governing our data ensure the processes around its management are worthy of that trust. The governance processes that go beyond the HSCIC control, will directly influence that trust, and our care.data decision to object, or not.

For citizens to see this still precarious commercial hull, and trust that our innermost confidences should be safe within it, is stretching our trust, just a little too far.  The knowledge of our health and lifestyle should not be commercially exploited in this uncontrollable marketplace by data brokers without our knowledge and consent.  Health data is on the cusp of including more widespread biomedical data. In my children’s lifetime that may be a whole new era of data management to contend with. For now,  all this intensive data mining may be much more than we already imagined and we should carefully consider how society will be affected if it includes every aspect of our health and lifestyle data. It may be yet another aspect of individual surveillance more than society can stand.[18]

The care.data storm may not yet be over.

*****

In part three on commercial uses, I’m going to explore, from my lay perspective, on how some of these intermediaries and data processing companies, use data concretely in practice. As Julie Brill says how these intermediaries, “create a narrative about our past, present and even our future lives.”

******

[1] Data Brokers: A call for transparency and accountability – http://www.ftc.gov/system/files/documents/public_statements/311551/140527databrokerrptbrillstmt.pdf

[2] Food Marketing film by Catsnake with Actress Kate Miles via Upworthy  http://www.upworthy.com/no-one-applauds-this-woman-because-theyre-too-creeped-out-at-themselves-to-put-their-hands-together

[3] Your Credit Ratings explained BBC http://news.bbc.co.uk/1/hi/business/2963580.stm

[4] “Mosaic is Experian’s most comprehensive cross-channel classification system …it helps you understand consumers in extraordinary detail.” http://www.experian.co.uk/marketing-services/products/mosaic/mosaic-in-detail.html

[5] Flagship care.data – Commercial Uses in theory: http://jenpersson.com/flagship-care-data-precious-cargo-1-commercial-uses-in-theory/

[6] Health and Social Care transparency panel:- minutes from 23rd April 2013 –  https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/259828/HSCTP_13-1-mins_23_Apr_13__NewTemp_.pdf

[7] 17th March Omega Solver in the Guardian, by Randeep Ramesh http://www.theguardian.com/technology/2014/mar/17/online-tool-identify-public-figures-medical-care

[8] 16th March Harvey Walsh in the Sunday Times by Jon Ungoed-Thomas  ‘healthcare intelligence company, has paid for a database’ http://www.thesundaytimes.co.uk/sto/news/uk_news/Health/article1388324.ece

[9]  The Privatisation of the NHS Prof.A.Pollock at Tedex event

[10] HSCIC Data Register http://www.hscic.gov.uk/dataregister

[11} Evidence at Parliamentary Health Select Committee April 8th 2014: http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/health-committee/handling-of-nhs-patient-data/oral/8416.html

[12] Care Bill 2014 – Enacted: http://www.legislation.gov.uk/ukpga/2014/23/section/122/enacted

[13] care.data in their own words – D. Gillon Where’s the Benefit? http://wheresthebenefit.blogspot.co.uk/2014/03/caredata-in-their-own-words.htm

[14] Public vs Private interest – Dr. M Taylor, “Information Governance as a Force for Good? Lessons to be Learnt from Care.data”, (2014) 11:1 SCRIPTed

[15] Fume Cupboard access in NHS England stakeholder  letter April 14th 2014

[16] Letter from Jeremy Hunto HSCIC regarding patient confidentiality

[17] Health Service Journal, June 12th, Nick Renaud-Komiya, http://www.hsj.co.uk/news/trusts-ordered-to-delete-incorrect-data/5071902.article?blocktitle=News&contentID=8805

[18] John Naughton, Observer 8th June, http://www.theguardian.com/technology/2014/jun/08/big-data-mined-real-winners-nsa-gchq-surveillance

care.data – Riding the Change Curve

I’ve been inspired by many people this week.

Shakespeare who is long dead. Another, less famous, we celebrated at her funeral after only a few weeks of living with diagnosed endocrine cancer. She would have turned 76 this week.

The change curve

How do we deal with change?

Anyone familiar with the theory of grief, or more happily (as I am from my previous professional life) the similar theory for managing change, knows the stages along the curve we need to go through, to reach a new status quo after a process of adjustment.

After the initial shock and denial, there may be anger, frustration and fear before any acceptance or new optimism is possible.

Individuals follow the curve at their own pace. Some may not go through each stage. Others may simply be too upset, disagree early, give up with or repel the change, and never reach a comfortable position or commitment to a new status quo.

Whether it is grief or a business change, the natural initial response is emotional, and starts with loss. Loss of a person, of position, of something we cannot control. It can take a great deal of support, time and good communication to go through the journey.

(And yes, there’s a comms lesson for care.data in here.)

Before we begin on a change we need to understand the point from where we are starting. And crucially, to understand that Change is about people, not technology or business process.

The change curve starts with shock

From many people’s perspective, the concept of care.data, has been a shock.

For those working on the project, or at NHS England, that is probably hard to understand. ‘Why on earth all the fuss?’, they may ask. It’s easier to understand, if you realise the majority of the public had no idea at all, our health data was used for anything other than our direct care and some planning. Much less may have been winging its way on the cloud across the Atlantic. It feels like data theft.

It’s easy for those in a technology project to see ‘coded’ health records simply as data.

‘Coded’ is however like saying we speak the ‘French language’. Computers ‘only speak’ code, so telling the public it is coded is either trying naively to make it sound safer than as if ‘plain language’ was sent from the GP system to the central system, or it is misleading.

In the same way, if you say ‘opt out’ the system records  ‘9Nu4’ on your record. In addition, there will be a label to go with it, so if GPs run a report to find everyone who has opted out, they can. It’s not hard to understand that MOTDOB is mother’s date of birth. There is a full public dictionary of these codes.

NHS England and the project team, should also not forget that this is not just ‘data’.

To us, this is our irrevocable health and social imprint. Signposts to who we are, have been and perhaps, will be.

It’s personal and private. And as yet, we may have only shared those facts with our GP. Only our GP and not yet our partners, or parents. And then we find out global Health Intelligence companies might have our sexuality or pregnancy history, conditions we may not have told anyone but the GP. Data intermediaries may have complete picture of prescribed medicines, drawing on information from 100,000 suppliers, and on insights from billions of annual healthcare transactions. “mountains of data from pharmacies, insurance claims, medical records, partners and other sources, 17 petabytes of data spread across 5,000 databases.” We want data used by the right people for the right reasons, and know where it goes and why.

HSCIC is giving it away almost for free.

To them it may be only data. To us it’s intimate.

But for the three of us in this marriage, it’s information which has been used and shared with these third parties, and as far as we can see, only one of us really benefits from the deal. Identifiable or not, is only part of the story. It’s our biography we did not give you permission to read or tell.

The initial shock, fears, anxiety and general disgust that our personal details are sold (sorry) given away on a cost recovery basis charging to cover processing and delivering the service, should therefore be more understandable if you realise it was a complete surprise.

(The surprise may or may not be quite as great as the exploding whale posted via Wired at the end of this post. Go on, you know you want to.)

Change is the only constant. How can we progress?

The Change Curve based on the Kübler-Ross Grief model

 

So, what happens now? How can the public move forward, to get to a position of trust and acceptance, that this is what is already happening with our hospital data (HES), and planned to happen with the majority of our GP stored data in future (whether we like the idea or not)?

In order to move us along the curve, NHS England have a large task ahead. In fact, a series of tasks ahead, which are not going to happen overnight. How are change and communications working together?

As there’s no detailed ‘care.data progress’ public communications easy to see on the top level of NHS websites I can only see other info as it comes out through online search alerts. And since it’s my, my children’s and all of us as citizens, whose data that is being discussed here, I think we should be interested and want to find out and question the ongoing status. The GP FAQs have gone or are hard to find, and the patient FAQs are still inaccurate IMO. This page should be top level leading, not six unsearchable clicks down.

From the latest update in the care.data advisory group meeting notes, with much more concrete progress to see, it is good to see that communications features often, and note ‘a comprehensive engagement plan is already underway.’

That plan will be interesting to see mapped out as time goes on, but I do wonder whether it is the right time to be looking at engagement, when so much for the care.data programme remains to be clarified or is undecided?

Questions remain how less raw data can be given away, further legislation, the ‘one strike and out’  how to deal with data breaches, views on enabling small and medium enterprises (SMEs) data access, GP staff opt out understanding, public op out understanding, clarifying the narrative of risks and safeguards. Some steps to be reviewed not until ‘over the summer’. And that’s only a summary of a summary, I am sure only a glimpse of the foam on the top of the wave of what is being done under the surface.

An engagement plan can’t have gaps. Communications is not one-way, that’s PR. So we can only hope there is a real engagement underway of listening which will result in action, but not in ‘transmit mode’. Engagement needs to be concrete to work from day one. We don’t need a sticky plaster and pat on the head, we need fixes and facts to back them up.

Communications and Change

Why can comms not start now and be added to as we go along, you may ask? Whilst it can, and indeed most communications plans need some flexibility, a good Communications Plan needs to ride leashed tightly to the Change Management Plan.  And given that different individuals are each somewhere different on the change curve, at any given point in time, you need to be able to address questions that any of them may have, simultaneously, regardless of whether they have just heard the news, or are almost finished their change journey. For GPs, their staff, other medical professionals, citizens and patients.

Riding the wave of the change curve, some are nearly back on the beach, when others haven’t yet entered the water. Some have got out and will not be persuaded back. Others may.

Therefore until many of the open issues are resolved, until governance and legislation is clear, unless it is focused on listening and resulting action, most communications can only be wasted PR rhetoric. Perhaps there are great plans. But Houston, we don’t have a communications problem. Honestly. As far as I can see.

There is no communications issue, there are issues which need communication.

Why? Because folks who opted out already will not be sold on the benefits. They will only be convinced by a clear picture of known and well governed, legislated, mitigated risks AND benefits. Then they can weigh up a decision. (Assuming indeed, the Secretary of State is a man of his word and maintains the patients’ right to object, which is not a legislative right.)

“The law is a statutory enactment which requires the disclosure of the data, which means the data becomes exempt from the main parts of the DPA.” (ICO)

For the population not reached yet, however, there is a requirement to at least give fair processing, even if you can debate the fineries, all common sense says make the same mistake twice, and you’re sunk.

The trickiest part in the communications, is to address different segments of the population who are at different points in the curve, at the same time. Some of whom are hard to reach.

I am sure there are many people working behind the scenes to bring about this managed change. Let’s not forget, this programme was intended first to launch a year ago. Professionals are working on this, it’s not new. But Dear God, please don’t launch more communications along the same lines as before. September saw GP materials go out with no training and no measure of how well practices had understood the materials. A misleading poster and misdelivered leaflet for patients created more confusion. Which all went out before proper governance, legislation and technical solutions were in place to make it all work well. The advisory group minutes and Mr.Kelsey’s letter indicate there is much work to be done in these areas still. Yet engagement activities are planned May-July.

To look at basics, I think these three things for starters, need resolved before you can talk about risk mediation:

1. a) Purposes of what data is taken and b) who accesses data:  the care.data addendum which sought wider purposes and third party access by think-tanks and information intermediaries is still to resurface, after being returned by the GPES IAG in February for amendment. Which means final data users remain somewhat undefined. And we’re still pending the complete audit of past and current data recipients through the audit overseen by Sir Nick Partridge. [NB: since done in June < see post]

2. Amber is not Green – data protection: Why is potentially identifiable data and what really quite clearly, will be identifiable when so many companies sole purpose is to take a wide range of data sources and mash them together,  given no data protection in law and no clear choice over its use in HES release?

It may for release from HSCIC be treated more carefully than green data only in so far as it is not publicly published on a website,and goes to committee review, but it may be provided to a wide range of commercial companies who then create information from it which they release.

The raw data’s nature can be sensitive to us and it’s certainly personal, so that we would expect it to be kept confidential, and yet it is  shared and may be combined with recipient’s other data sets are at individual patient level?  It feels like a great big whale in the room – it’s not green, we can’t protect it, but if we close our eyes it might go away.

It’s not conducive to trust, when it feels like a con. Just call me Ishmael.

3. Individual data control – opt out and rights: Point 2 leads to a huge potential iceberg ahead which still needs resolved. The UK and upcoming new EU protection laws and their, the ICO and the HSCIC definition of anonymous and pseudonymous data. We must understand how they are to apply and are not only legal, but feel just and fair to us as citizens. It should be looking ahead to meet the coming law now, shaping not avoiding best practices.

What rights does the individual have? How will GPs resolve their conflict of protecting patient confidentiality and complying with the new law requiring them to release it? Some GPs don’t think it’s a good idea.

There will be some citizens who want no data stored centrally at all and even want their HES back out. What will they say to someone who point blank does not want any of their medical record outside their practitioners’ control?

So, are we about to see a repeat of the same communications catastrophe – launching engagement, before we know what exactly what it is we’re talking about? Surely not. But looking at the calendar…

As an outsider, I just wonder how can effective engagement begin, when questions may be asked which cannot be answered?

Workshops to separate truth from myth, risk going down as well as Ahab in Melville’s story, if you have people who are upset, and you have nothing to offer them but unsupported ‘reassurance’. I’d like to see a webpage or presentation of those myths, because I don’t feel I’ve seen many myself. If anything, issues have been debunked by careful wording rather than straight talking.

Change and Trust

Change can’t be done to us without huge resistance. Change has to happen with us, if we are to trust and adopt it. If collectively we get stuck in anger and fear, we’ll not get to acceptance. And it actually has the potential, suggested Ben Goldacre, if not already done, to leave a negative wake on wider research & society.

There has to be trust in the change, that it is for widely acknowledged ‘right’ reasons.

There has to be trust that the terms of the change are defined and stable. Words such as currently, and initially, have little place in the definition of future agreements.

There has to be trust that what we will lose, is in proportion and outweighed by what we’ll gain from the new.

When we read global stories of how healthcare data is misused, and we can’t see who has access to our own data on any real-time rolling basis, it leaves open the fear that data can be given inappropriately, without check and balance, for months. The recently released register is one good thing to come from the debacle so far, and the further audits are ongoing, expected towards mid-May, but any future register is only going to be publicly accurate 4 times a year. It’s better than nothing, but surely not hard to update in real time.

Until the history is entirely transparent, it is a challenge to see how concerns about past use and lack of past governance, and the lack of trust those errors created will be possible to fix. The sensitivity of our raw data is likely only to increase as scope is broadened in future, and the scale of the requests is expected to increase as the era of Health Intelligence takes off and becomes ever more profitable for those third parties. 

Trust will need to increase if anything proportionately, as this scale and sensitivity increases. So any communications of future releases and their governance needs to be sustained. It’s not an afterthought of ‘what we’ve done’. It’s the key to being allowed to carry on doing it.

Change Managers need to understand an individual’s own story, values and what makes them tick, to have an expectation of what the change impact (possibly negative) will be for individuals or groups and what’s in it for them (the positive) and any wider impacts, for example considering the Public Interest. And all leaders, need to have available from the start, the information which will answer the questions for people in each of these groups, at every stage of the curve.

Decisions in the public interest, may be subjective. Jeremy Hunt has said that we,

will “get through” the heated public debate this scheme has caused regarding patient privacy and the potential for the data to be re-identified.”

I’d like to hope we get more than ‘through it.’

To say that, underestimates the task ahead.

It’s not a tunnel or a final destination, but a process.

And the longer the data is shared over our lifetimes, the more likely it will be re-identified with all the other passive and other Big Data which is shared in our future. So there’s no patch, pop up and coast to the beach. I can only think this is a one time chance, and the leadership comments seem to underestimate it.

It must be done correctly now, to set up a framework which will be robust enough for the future size and complexity of the future Big Data vision.

Legislation to build a solid Future foundation

There are still many unknowns it reads from the meetings, from opt out, to wide ranging governance issues, to securing watertight legislation.  The scale and sensitivity of the data and how it has been handled in the past, shows how the current model is not fit for purpose.

This week there is still crucial legislation being considered which will help to fundamentally cement or fail public trust.

Trust not only in how our data will be governed, but in common sense in our governing bodies. The legislation addresses:

  • Retaining control and management of confidential information
  • Putting the independent Information Governance Oversight panel on a statutory footing
  • Independent oversight over certain directions  and the accreditation scheme
etaining control and management of confidential information – See more at: http://www.allysonpollock.com/?p=1820#sthash.No8G7kcT.dpuf
retaining control and management of confidential information – See more at: http://www.allysonpollock.com/?p=1820#sthash.No8G7kcT.dpuf

I’m no legal beagle, but it appears to make excellent sense and the detailed wording (via Prof. Alison Pollock’s page)  is very straightforward.

I hope it is clear that patient choice and public interest complement one another in these proposals. Just as Dr. Mark Taylor, Chair of CAG, outlined in an excellent essay,

“the current law of data protection, with its opposed concepts of ‘privacy’ and ‘public interest’, does not do enough to recognise the dependencies or promote the synergies between these concepts.”

If the Lords support Life Sciences’ interests, as many in the chamber do, they will need to support the proposals in order to ensure the public remain opted in to care.data.

Without these governance amendments, many more will opt out I am certain from talking to people on the street, and the value of the population-wide database will be undermined. So, the theory on paper next week, will have a crucial role in the practical outcome of the care.data implementation and its lifetime value.

No one said, change is easy

Importantly, in any theory one does well to remember the practical reality. Each response is unique to an individual. No one model will fit all. Each person commences the journey of a changing situation, from a different starting point. We each begin the process from a different level of baseline knowledge. We each have our own ways of dealing with loss, and experience different levels of anger or fear. There are early and late adopters.

Some things are difficult, but have to be gone through. For me, Tuesday was a day of looking back at wonderful memories.

We also sometimes need to accept what cannot be changed. When the time comes, I support the idea that we can live with a disease and dignity, not just the label that we are ‘dying’.

My final inspiration of the week, Kate Granger articulated this, so much better than I could, last week:

“I cannot imagine a human society free from cancer, no matter how much money we invest. As a cancer patient who will die in the relatively near future, I believe rather that instead of reaching for the traditional battle language, [life] is about living as well as possible, coping, acceptance, gentle positivity, setting short-term, achievable goals, and drawing on support from those closest to you.”

 

care.data requires courage from all the parties involved, because everyone is going through a certain process of change and compromise. Even those who planned the now delayed launch, need to recognise a need for change and why we’ve got to put a solid, not rushed foundation in now, and be in it for the long haul to get it right.

With lasting legislative powers, we public can better entrust our faith and data to the system, not just today, but into the future. With a proper independent Governance and oversight process we can hand you our trust for safekeeping with our records in good faith. We can only trust these proposed changes make not just waves, but make real progress.

If nothing really substantial changes in the pause, and we don’t see increased measures to create trust, all that will happen is a build up of frustration and pressure of all the people who can’t move forward from the initial anger and confusion. They will opt out. And there’s a risk public opinion will burst under pressure. No one will want to support health record sharing for any purposes, even bona fide good research, and there will be an explosion of opt outs. Projects will be abandoned, like a dead, washed up whale. (Which you really don’t want to happen. Really. It’s not pretty viewing, don’t say I didn’t warn you. But it’s kind of fascinating too and all the number crunching too.)

This can be avoided.

But plus ça change, plus c’est la même chose. Two months into the pause, are we seeing changes taking effect, or more of the same talk?

I look forward to better information on how and where our data has gone in the past. I think only after that will it be possible to get the history aired and resolved for improved future procedures once we have the complete audit picture, including that under Sir Nicholas Partridge, due towards the end of this month.

The further governance and independent oversight issues will be best resolved in legislation, which would help them be free of political change and create a framework worthy of the big data vision for the future.

In Summary

I hope the Change Management is as carefully thought out as communications and engagement is based on substantive steps before it.

These steps simply, start with:

1. a) Tighten and define clearly the purposes of what data is taken and b) who accesses data. Now and for future change.

2. Amber is not Green – data protection: Tighten what is potentially identifiable data and what really quite clearly, will be identifiable when so many companies sole purpose is to take a wide range of data sources and mash them together.

3. Individual data control – opt out, and legal rights. Will opt out get a statutory footing rather than Mr.Hunt’s word? Will we design now, for change in the UK and upcoming new EU protection laws?

Tighten the processes, define more of the facts, so you know what you’re communicating.  Let people ask questions, and let us have sufficient time to go through the curve.

A rushed rollout, will create more people who block the change, opt out, and never return.

I realise much of this post addresses how I feel, and the feelings I have picked up from care.data events, from others discussing it on the street and school playground. Emotions have a role to play in this discussion, but better facts will go a long way to making objective informed decisions. And crucially, our decision making must be allowed to be objective and free from emotional coercion.

I’m cautiously optimistic and look forward to seeing public materials to get the GP profession and public on board and riding the care.data change curve each at their own pace. There is clearly a tonne of work to be done. It’s not going to be glassy, by any stretch of the imagination, but perhaps we need a few rough times to remind us what matters most to us, and why.

It makes us engage.

The question is, in the coming weeks and months, is NHS England prepared for genuine change and engagement with the public, not just PR?

Flagship care.data – precious cargo [1] & commercial uses in theory

“The challenge is that if many users of data are intermediaries with re-use licences and even the HSCIC doesn’t know who all the end users are, how on earth can anyone judge how they will be for purposes of ‘improving NHS care’?”

Commercial and third party use is one of the most damaging aspects of the rollout which is wrecking the care.data programme.

I’ve cut my opinion on this care.data topic into two parts, theory and practice, to address the outcomes of the LMC conf of yesterday from a patient POV. From my lay perspective, the result of the debate and votes was partly due to the failure to shore up the policy theory around commercial uses to make any perceivable improvement to trust for the future. And partly based on proven failures in practice to protect our data in the past. Failures around commercial use of care.data in theory and practice.

The theme of making money, is a recurring topic for women in literature, and graced or should I say, grubbied  our screens in recent weeks in the adaptation of Dame Daphne Du Maurier’s Jamaica Inn.

Mary Yellan, orphaned and without means, seeks the only family she has and lands among the smugglers and muddy marsh of the Cornish moors. It’s not only set against a backdrop  of smuggling, but wrecking. The heroine struggles between moral conflict and practical necessity, whether to join in their activities, against her ethical principles.  She gets used to it but ultimately can’t live with it.

Given that the real inn is in the middle of a very bleak moor, with no outlook except the rough shorn grass, you need to really see unmet potential to want to be its new owner. For that, you need to see strong commercial opportunities or be a committed hard core Du Maurier fan. Or both.

So it can appear, from a patient point of view on care.data. Either the driving parties promoting the release of patient data see unmet potential [1] which needs commercial harnessing [1b], have direct commercial interests[1c], or they have another personal interest in its extraction and access. Or perhaps they are just hard core fans of data sharing, to the point that we should support mashing our health data up with commercial retail loyalty cards as Mr. Tim Kelsey suggested in November 2013 at Strata [from 16:00] [2].

Are the same people and organisations driving the programme and calling for ‘data for patients’ not also the same who will benefit most from having access to the data? The measurable benefits to us patients remain unclear, at best. The cost, our confidentiality and GP trust, is however clearly non-refundable. Consent, the age old pillar of medical ethics is to be waived aside. The LMC Conf obviously see value in protecting confidentiality at source if it cannot be guaranteed by others, whether the HSCIC or the data users.

Who will all the end users of our data be? They remain somewhat undefined, because the care.data addendum including Think Tanks, commercial companies and information intermediaries was not approved [3] and because future users are undefined in social care, for example. Future scope will entail additional future users. But then perhaps this should not surprise us that NHS England and the HSCIC expect us to acquiesce to this fair processing failure although we don’t yet know all the future end users, because Sir Kingsley Manning admitted that HSCIC does not know who all the current end users are either (Q272) [4a] at the  Health Select Committee hearing. So, were the GPs at LMC Conf just expected to trust ‘on spec’ to whom their approval of care.data would entitle its sharing?

Information intermediaries in particular, seem to still be on the key stakeholders list[5] in January 2014. But only a year ago, in April 2013, The ‘Health and Social Care Transparency Panel’ discussion on sharing patient data with information intermediaries clearly stated there was no legitimate or statutory basis to share at least ONS data with them. [6]

“The issues of finding a legitimate basis for sharing ONS death data with information intermediaries for commercial purposes had been a long running problem. A number of possible approaches had been considered but advice from the relevant Government legal teams was that there did not appear to be a statutory basis for doing so. The panel identified this as a significant barrier to developing a vibrant market of information intermediaries (IIs). It also limited the ability of IIs to support NHS organisations with business intelligence to evaluate and benchmark the quality of their services.

It was agreed that this issue needed to be resolved, and if necessary changes to the relevant legislation should be considered. ” 

I would love to know whether the law changed in the last year, how was the issue resolved, or has HSCIC and have we just through use, acknowledged that this sharing with intermediaries is acceptable and legal? The meeting later in July should have given clarity, but I can’t see minutes beyond April. They are no doubt somewhere, and someone cleverer than me, can help find them and clarify how the decision was reached I expect. I did find notes in the recent HSCIC audit of past data releases [4b], that ONS data was granted under existing law after all:

“The ONS data are supplied under the Statistics and Registration Service Act 2007 section 42(4) as amended by s287 of the Health and Social Care Act 2012, for the purpose of assisting the Secretary of State for Health, or the Welsh Ministers, in the performance of his, or their functions in relation to the health service.”

Since the Health and Social Care Act revoked the Secretary of State’s duty of care to provide a national health service, I wonder what functions it relates to as pertains to third party intermediaries? The ONS application form is detailed but no more enlightening for commercial intermediary use. I can’t help feeling we’re seeking justifications rather than good cause as the starting point for widening data releases. That we are starting to accept that our hospital records have been shared without our consent and sold. (Let’s give up the recouping costs word play, call a spade a spade. Data and cash change hands.). ‘What can we do about it anyway? we may well ask. As time has gone on in the care.data debacle, and in the three months since the delay, it appears from the leadership comments of NHS England from Mr. Kelsey in Pulse that, we’re not to worry, “now we are working to make care.data safe.” [free registration required] Still no one has said, we made a mistake of its handling in the past.

This acknowledgement however that work needs done to make the data safe, underlines exactly what so many saw months ago including the GPES advisory group which had concerns [17] in Sept 2013 on commercial uses and its communication, governance and patient trust. Care.data was launched regardless. Now it’s grounded.  What has improved since then? What remains to fix?

How well exactly did HES storage and sharing work so far, with breaches identified as well as the basic legal fair processing failing to inform us of its extraction? What has been done to prevent it happening again? I have seen no concrete steps which give me faith the past flaws have been fixed enough to now trust it in future.

In February, before the pause Jeremy Taylor of National Voices wrote a very sound 12 point plan of what needed to change.  Since then, what has actually  changed [7] as far as I can see, is only the introduction of a delay, and that his words were listened to, that there should be no artificial deadline:

‘”the timescale for launching Care.Data was entirely artificial, as is the six month “pause”.

Three months into the delay, nothing of substance other than agreeing there is no artificial deadline, appears to have changed.

The most significant past let downs have all been commercial or third party uses. OmegaSolver, Beacon Dodsworth, PA ConsultingEarthware.

The Care Bill amendment touted as a change in the legal protection of our care.data, does not block commercial Third party intermediaries sharing care.datauses of our data, only stating that it should be used ‘for the promotion of health’ which is open to all sorts of interpretation. Not least I imagine, those similar to ‘fight against obesity’ campaigns by marketing masters of commercialism.

So with little transparent change on policy, since we have become aware of data breaches, misuse and patient anger about commercial use, it should come therefore as no surprise that the BMA Local Medical Committees (LMCs) yesterday voted to state a preference for opt in not opt out, pseudo or anonymisation at source and insists that care.data should only be used for its stated purpose of improving health care delivery, and not sold for profit.

Simply: the public don’t trust that our identifiable data is protected and we object to all our data being traded commercially.

This is in direct conflict with HSCICs stated purpose in the HSCIC 2013-15 roadmap [8]:

“Help stimulate the market through dynamic relationships with commercial organisations, especially those who expect to use its data and outputs to design new information-based services.”

And in statements by both Sir Manning at the Health Select Committee and Dr. Geraint Lewis [9]:

…”we think it would be wrong to exclude private companies simply on ideological grounds; instead, the test should be how the company wants to use the data to improve NHS care. And, as Polly Toynbee put it, if “it aids economic growth too, that’s to the good.”

The challenge is that if many users of data are intermediaries with re-use licences and we don’t even know who all the end users are, how on earth can the HSCIC judge how they will benefit ‘improving NHS care’?

As regards economic growth, if the aim is to give away data for free, as Mr. Kelsey told the September 13th NHS England board (from 26:10)[10], how is the NHS to make profit from it? It’s not. Commercial companies are to buy at prices only to help HSCIC recoup costs [11], so that is not technically opposed in wording to ‘ not making a profit.’ Citizens, GPs and others can be aligned with that on paper. But not in spirit. For now commercial companies profit from our state funded records, paid for by NHS DoH money.  They profit intermediaries with re-use licences beyond which we have no visibility or control of where our data goes or why. And the fact that the wider profiting third parties from the whole scheme,  ATOS paid zero tax in the UK in 2012,[12] really grates. How does the cash given to ATOS benefit economic growth in the country?

Therefore, for the LMCs to have voted now any differently, would have expected them be soothsayers, knowing that the care.data work-in-progress and any future changes will make both the future scope purposes and future users clearly defined, in order to fulfil their duty as data controller, ensuring patients have a reasonable expectation of how their data will be used. It asks GPs to betray their age old fundamental principle of medicine, to betray patient confidentiality, for commissioning. They are being told to betray the good ethics of consent.  They are being asked to betray patients’ trust and even to use that trust to ‘sell’ the idea in which they may not believe.

And care.data current processes betray the best practices of data collection – seek to collect the minimum data required, for a specific purpose and delete it when that is completed.

“Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes’ consistent with the Data Protection Act principle 5. [13]

Instead HSCIC’s remit over the coming years of care.data is to fill in all the remaining gaps with any health and social care information not already collected [14], and keep it linkable from cradle to grave – or even from “germ to worm” for everyone with an NHS number in England. Purposes are non-specific and unlimited because they’ll change over time and the end users are not all defined for it plans to be opened up increasingly widely for use in social care and we don’t know what else.

caredatatimeline

 

In my lay view, the BMA LCs had no choice in the interests of their patients but to call for a rejection of assumed consent and commercial uses. The two do not go together. Opt out for uses of our data purely for NHS care and its planning would be much more palatable. But add in commercial uses, which is what has both been the main source of patient objection and data breaches, and it’s a deal breaker.

They can’t stake their support and reputation on a best guess of what might be. They can only base their judgement on what they know now. And no one supports care.data exactly as she is right now, which is why it is postponed and work in progress. Shore up trust, governance and axe these commercial uses and perhaps an assumed consent would seem more palatable. For example, Cross border governance needs documented when the application form gives non UK options. Scope and users need defined to ensure proper fair processing to meet DPA ICO requirements [16]. But so far, nothing has visibly changed.

It’s no different from when Ben Goldacre was telling us public trust cannot be easily regained and it broke his heart [15]. I know why, there are expected benefits to public research amongst others to access primary care data more than they already have in CPRD or pseudonymous data in QResearch and others, but we need to act based on today’s approved uses for care.data, not what might be remain in an undefined future. Right now, we’ve seen no changes of substance since the delay was announced.

NHS England can’t therefore genuinely expect to see a shift in trust in citizens or GPs based on nothing more than lines in the sand.

I believe GPs at the LMC Conf took the best decisions they could with the programme in its current form, with knowledge of past problems and lack of future clarity over scope and users.

They voted for how they feel best protects, respects and empowers their patients.

If our current Data Controllers and  guardians of confidentiality don’t stand up for patients to get the build of the infrastructure right before they agree to release our data to fill it, who will? The question will be whether the Secretary of State and NHS England will force their legal right of extraction through regardless, or will respect the medical profession’s representatives and the rights of citizens they care for?

There is an opportunity to fix things. The LMC Conf after all have no legal efficacy, they stated their opinion and stance which commands respect and attention. Flagship care.data is not washed up, yet. But it can’t sail without addressing governance and professional support. Commercial exploitation and assumed opt in are not going to work comfortably together. Transparency of who has access to what data for what purposes and how it is released needs sharpened up. And regardless of whether opt in ever comes onto the table or not, if care.data keeps her strongly  commercial heading many, many more will jump ship to opt out. The damage of bias will be done, either way.

She needs some new directions, helmsmanship that we trust and sound repairs.

********

If you have missed the background to this saga, I’d recommend the Julia Powles article in WIRED – what to save when the care.data ship goes down.

I’m going to look at some more of the commercial uses of care.data in practice another time. And clarify the communication of the opt out codes and why research purposes is a misnomer in the GP patient record sharing part of care.data purposes – it’s not (yet at least) an approved use.

********

[1] MOU between AstraZeneca and the HSCIC, December 2012

[1b]  ABPI Vision for harnessing Real World Data 2011

[1c] Hansard, Nov 2010 George Freeman ‘I know from my own experience that we are sitting on billions of pounds-worth of patient data. Let us think about how we can unlock the value of those data around the world.’

[2] Strata November 2013, Tim Kelsey keynote ‘mash it up with other data sources to get their local retailers to tell them about their purchasing habits so they can mash that up with their health data’

[3] care.data addendum Sept 2013

[4] Written Hansard of the Health Select Committee , 8th April

[4b] The HSCIC data release register issued on April 3rd 2013

[5] Oversight panel with input from Dame Fiona Caldicott, January 2014, with stakeholders’ list

[6] Health and Social Care Transparency Overview Panel April 2013

[7] National Voices – Jeremy Taylor, an excellent overview of 12 points which needed fixed from February 2014

[8] HSCIC 2013-15 Roadmap

[9] NHS England comments by Dr.Lewis on commercial principle

[10] September 13th 2013, care.data directions approved by the NHS England Board – care.data from 25:40 – 39:00 – note identifiable, not anonymous data is extracted and stored with the DLES at HSCIC, and GP objections to date on care.data opt-in seem not to have been respected in contrast to the claim ‘GPs make a decision’ from 31:00. There is to date, no communicated way to prevent HES data extraction and its sharing in pseudonymous form.

[11] The HSCIC Data Linkage price list

[12] The Independent, November 2013 Atos & G4 pay no corporation tax in 2012, National Audit Office stats via Adam Withnall, The Independent

[13] Data Protection Standards – retention, principle 5

[14] care.data programme overview April 2013

[15] the Guardian, 28th February 2014 – care.data is in chaos – Ben Goldacre

[16] Blog from the Information Commissioner’s Office on care.data Data Protection and Fair processing

[17]The GPES Advisory Group meeting minutes Sept 12th 2013

{updated 28th May – looks like past uses of our health data are now also under scrutiny by ICO which is investigating claims that insurers have accessed full medical records using subject access requests.}

By theamateurbookblogger@googlemail.com

care.data – the 4th circle

commedia“Will it become a productive process putting patients’ choice and empowerment first, or is it all talk, hurling stones at one another, going round in circles and building nothing?”

Since The Lords voted to reject proposed amendments last week, to legislation which would have emphasised patient empowerment in the programme and shored up trust, I feel a little in limbo.

As patients of the NHS in recent times, we have been bombarded with the language of patient choice, personalised care and patient empowerment. Putting patients first.

But what power or choice do we patients really have in the use of our health data?

It seems that increasingly media articles, meeting minutes and speeches talk of power and patient empowerment, but it feels like in reality we have less and less.

So too we hear repeated how ‘powerful’ our health data is. How the power of data and its management is used, how the concomitant language is used, misused and shared with others, influences decision making around the subject and our patient rights.

All things are subject to interpretation. Whichever interpretation prevails at a given time is a function of power and not of truth. – Friedrich Nietzsche

As a Germanist at university, interpreting Nietzsche was both a cause for celebration and a cause of much gnashing of teeth. Having also studied Italian, I’m mixing my Dante in there, apologies.

The gnashing of teeth, biblical in origin, was reserved by Dante for the fourth circle of Hell, in his most famous work of his trilogy, the Divine Comedy. The fourth circle was the realm of money. It contained two opposite groups, the avaricious and the squanderers. The bridge builders and the destroyers.

Both the hoarders and the wasters are obsessed with development, either promoting it, or stopping it at all costs. And their punishment is to go round in circles, labouring against each other with heavy rocks, from opposing sides for eternity.

My background is in making technology functional for users to make their work easier. Systems only work which  have a proven benefit for the stakeholders. Introducing new systems is not about technology, but about people. If people don’t want to use your system, you can’t make them. They will find a workaround or data quality will be so poor as to make it worthless. Any project with opposing sides, will have some degree of argument and failure for one or more parties. It’s not what working together, should be about.

When I heard the Lords debate, two things struck me.

The first, whilst different arguments were debated they were really not opposed to one another, but trying to find the best way of achieving the project aims. The vast majority were common sensed and aligned. Wellcome and the AMRC support the legislative shoring up of trust. The biggest difference was that citizens’ trust and empowerment were supported better by the amendments, yet the vote went the other way.

The second thing which struck me, was how the language used can sway what we believe. We only believe what we want to believe, after all.

Labelling data as anonymous or de-identified when what is meant is pseudonymous, and mixing in ‘Open Data’ when ‘shared data’, is meant, is not the same thing at all. And it’s very misleading.

The Lords ‘ping pong’ last week again misrepresented, I feel, the weight that anonymous data sharing should have in the debate.

Earl Howe said;

“I stress this point in particular, as I understand that it has been the subject of some confusion. There is already a strong legal framework protecting the confidential and identifiable data held in people’s health and care records, not just the information held by the HSCIC but more generally. The Data Protection Act, which implements the EU data protection directive into UK law, provides powerful protection of information about living individuals. To summarise what is a lengthy and complex provision, it requires all such data to be anonymised except where there is good reason to the contrary. It remains the case that the Data Protection Act continues to offer strong protection of personal data…”

The fact he wants to make such efforts to ‘stress this point in particular’ does not fill me with faith in the system. In fact, I’ll be honest, I feel that on this point he was factually misleading.

Firstly, in terms of extraction.

The default position is to extract fully identifiable and personal data unless individuals object. PCD will leave the practice for all patients, where there is a legal basis i.e. under the HSCA 2012 or Section 251 approval.

So for Earl Howe to focus on anonymous use, detracts from the fact that it is not anonymous upon extraction at all and may be used and is used with identifiers, far more widely than patients might expect once processed. And will be by default, unless people activley opt out.

Misuse and inappropriate levels of risk exposure are made less transparent by the wording of what type of data it is.

Time and time again, even in the Lords last week, I am frustrated to hear inappropriate use of terminology which perpetuates misunderstanding.

We need to be very clear what  differences there are between data sharing and Open Data. Professor Sir Nigel Shadbolt addressed these differences and the release of Open Data at this conference on March 20th 2014. He importantly makes the distinction that the reusable open-to-use-by-anyone data of Open Data definition, is separate from most uses of personal data, even in the current ‘grab’ going on. [his words]

The Open Data movement is not trying to liberate and put out all our personal data.  He sees personal data, fully and properly anonymised, with consent,  will play a role. But we need to understand different ways of handling the different types of data.

Governmental legal guidance in 2010 did not have the interpretation we have been given today of amber, pseudonymous data. In this file you’ll see it’s personal (red) or it’s not (therefore fully anonymous). But it is clearly noted that anything which is not fully anonymous, i.e. what may identify individuals (what HSCIC labels Amber), should be treated no differently from red data.

“If the data to be shared is fully anonymised, then it will be less likely for problems should arise, though consideration still has to be given to the principles in the Data Protection Act 1998 (DPA). If the data required for statistical purposes contains information which may identify individuals (personal data), then the sharing should be approached in the same way as for any other circumstances, as explained in this guidance.”

I have no idea by whom and for whom it was written, but they state they consulted ICO.

We need to be clear, this is important both for public and parliamentary perception to make informed choices and inform the parliamentary care.data and wider data sharing debate.

In Parliament yesterday, Chi Onwurah MP (14 May 2014 : Column 848) said with regard to the Apprenticeships, Skills, Children and Learning Act 2009 – my bold:

It is therefore deeply troubling that the Government have tabled a last-minute new clause to the Bill to authorise data sharing among the Department for Business, Innovation and Skills, Her Majesty’s Revenue and Customs and persons providing services to them when it comes to apprenticeships. This may be both necessary and useful—the actual data to be shared may be entirely harmless—but it should be done transparently, with the right safeguards and accountability in place, and it should be done as part of a coherent strategy. This is clearly not the case here. The “person providing services” could be anyone, from individual consultants to big multinational companies.

We therefore tabled amendment (a) to ask what information was being shared, with whom, by what process, with what accountability, and how it fitted into the Government’s data sharing strategy. If the Minister can answer all those questions, perhaps the amendment will prove superfluous. If not, why not?

Doesn’t it sound rather familiar? Rushed amendment, lack of transparency, loose terminology of data recipients and purposes. If data is presented in wording which is inaccurate, we can only expect its use to be so too.

We need to ask what is the Government’s data sharing strategy and whom does this legislation serve?

Increasingly it seems to me that the Government is firefighting ad hoc bits of data legislation into existing Bills to enable their initiatives which need our personal data. We are being mined on all fronts. Open Data across the board, HMRC plans, DWP, the NPD, DVLA, care.data and more. And mostly, without our consent and often without our informed knowledge.

How is this empowering patients and citizens by removing our choice or rights of autonomy?

Some data sharing programmes may have been addressed and work well. But it takes more than a bathful of corks, to make a watertight boat. It sounds to an outsider, like overall data sharing design and strategy needs to go back to the drawing board and draw up a decent infrastructure. Patching like this, is a waste of time IMO and we can just sit back, and await the future leaks. I just hope they won’t be nightmare stories in health.

All in all, ‘you have a choice’ sounds rather hollow in all manner of fields right now. It’s been a bad week for patient power from where I write. Our local GP practice caring for 4,000 patients is set to close at the end of the month and the list shared out to three already full alternative practices.

Tim Kelsey as Director for Patients and Information outlined in 2012:

“making data available to the public does drive choice in the same way it would in consumer markets such as financial services or mobile telephones or whatever.”

Freed data was seen to walk hand-in-hand with choice. We were told with patient choice, would come patient empowerment. The NHS was turned into a consumer market in the HSC Act 2012.

It’s therefore ironic that the foundations of care.data fail to put patient choice as its cornerstone. It’s not a consent process which is set out by the HSCA 2012 (250-60’ish). It’s a gateway for extraction with no more than fair processing requirement. That loss of autonomy is not giving patients control nor choice. And the choice that is on offer, is limited. Both in scope and time. The only choice offered in the patient leaflet and communications, is to restrict fully identifiable onward data sharing from GPs or from HSCIC. And to be excluded from care.data is a limited offer – before it is launched. After that, the only choice left is to request the data which has been extracted is made pseudonymous, but it is not possible to remove it.

There can be no arguing with what has happened in the past regarding data releases which may no longer be seen as wise. Despite the fact the Information Centre cannot tell us today, (Q272) who all the end users of data have been in the past, we are offered no new barriers to breaches of trust happening again.

The Health and Social Care Act 2012 brought in fundamental changes in both practice and balance of power between patient and provider, and the State. These are changes in society over which we have little control, for now. Come the next General Election, there may be political change and ideology may be different. It may not be. And inevitably in our current political system, it will swing between different thinkings over time. But our health records given up today, are given up for life. Commercial exploitation is a value set being thrust upon us, which we may or may not not embrace. Both in terms of with whom our data is shared, who is managing it and how.

I met my own MP last week, thanked him for sharing my concerns with the Department of Health last October, and discussed the current status of the programme. He asked me, was I against sharing our medical records at all costs? To which my answer was no. No with a number of caveats.

We are used to, what most would see in this country, as a benign government. Events around the world, show us that we should not take it for granted. (I imagine at this point a failed Conservative election 2015, Boris with his cornflake model for society, replaces Cameron at some point in the next term, and wins in 2018 with support of a minority UKIP coalition. My personal result from hell. Don’t forget to vote May 22nd!)

If we have no statutory strength, what do patients really have power over in the choice to share our medical records?

So far we have only an objection to identifiable data sharing. No opt out of other data sharing from HES at all has been offered in patient communications. No opt out form and nothing in law. And Mr.Hunt’s word of ‘an objection which will be respected’ but does not yet match with what he promised on February 25th, and opt out of anonymised data used in research. 

…”we said that if we are going to use anonymised data for the benefit of scientific discovery in the NHS, people should have the right to opt out”

That’s not only on identifiable data as the patient leaflet proposed.  However I fear this may once again become subject to interpretation. Mr.Hunt has the power to make his promise a reality. I would greatly respect what he says, if we see his words become action.

In 2009 Mr.Kelsey voiced his opinion on opt out, in article published in his name in Prospect.

no one who uses a public service should be allowed to opt out of sharing their records. Nor can people rely on their record being anonymised..”

So who holds the power to make the decision? Mr.Hunt, Mr.Kelsey or do they mean what they say, they want empowered patients?

Whilst there are individuals who appear obsessed with pushing forward the promotion of health data sharing, at all costs, whether with their own Life Science company background interests, or with a vision of how we will mash it up with supermarket loyalty cards, others may be pushing back, immovably opposed to the whole idea of removal of GP patient confidentiality.

Unlike the fourth circle of Hell, there appears to be a more commonly held middle ground.

However, reality is that the opt out does not work like that yet. So far, we do not have a communicated choice on amber HES.

So even for those who support some data sharing, whilst trust hangs in the balance, people will not support a system which appears to deliberately disempower us. By first starting with opt out, care.data is skewed to removing patient choice from those who are not paying attention to public issues and we’re not sure of the security of the objection on offer anyway. Those who are alert, mainly dislike the idea of our data being traded with third parties who may use the data to create knowledge which they sell on, for profit. When we see stories of who uses it and how, we feel let down.

It feels both an abuse of trust and of power, that having trusted ‘the system’, we have been failed by its gatekeepers and guardians.

It is ironic that in a society in which news and campaigns persistently remind our children that their bodies are their own, that the knowledge of their workings will be taken from them without their knowledge or future ability to withdraw their consent and remove their records. In their lifetime, it might not only be e-data but biomedical.

Within assumed consent and opt out based on an honour system, is the question of power and control.  There is one person making a decision who can choose whether or not to respect our objection.

We have only his word, that we have an objection to share any individual identifying data from our GP practice.

The patient leaflet says, ‘you have a choice.’

In reaching our choice, I also ask if we are each individually empowered to make it of our own free will, or will we be emotionally ‘encouraged’ to see it as the right thing to do?

Perhaps made to feel selfish if we do not. Is this free and informed, and not coercion?

Citizens must be pro-active to opt out. The last letter from May 2nd online from Mr.Kelsey suggested we can work together, to get care.data right. However,  in the same letter our patient choice, comes at a price. Whilst being encouraged to see reasons to stay opted in and give up our data, we are told of a patient who was misdiagnosed and died.

“In future, this can help prevent cases such as Alison, from Hampshire, who went to her GP suspecting she had a brain tumour, but was prescribed painkillers. She was eventually diagnosed in A&E after a seizure and died less than a year later.”

I feel when I read that, it came across very much as, “see what happens if you don’t share your data? You’ll die prematurely” and the second statement on cancer in A&E made us feel guilt that we may not help us identify why someone else who died.  And if fear and guilt are not strong enough sticks, here’s the carrot, by sharing our data we’ll keep it safer somehow, by entrusting it to the State:

“minimise the risk to a person’s privacy being compromised in an age of increasingly sophisticated digital threats.”

(Erm, let me keep it only accessible by my GP practice then, rather than risk sharing it via Google Cloud?)

Please. Stop chivvying us into doing what you want. We have a choice. The leaflet, which we may or may not have ever received, told us so on the front cover.  You cannot also tell us what to choose.  Big Brother, you don’t have the right to make up our mind for us. No matter your own experiences, whether it’s a family friend’s care, or the terminal illness of a son, or indeed each of our own family experiences. None of us have the right to decide what is a correct decision for others. Neither should Mr. Hunt be asking GPs to ‘sell’ the programme to patients. It’s an abuse of power to coerce a free choice.

I don’t want to feel emotionally manipulated. Just be straight talking and trust us to make up our mind as we see fit.

Overly aggressive charity collector chuggers asking for cash donations on the street, get short shrift these days. It feels like the programme is still trying the same, with mildly threatening tactics in order to use our data, by research charities among others. The lesson why that’s not right seems not to have been learned. The Wellcome Trust clearly does understand what is needed and backed the Lord Howe’s governance and oversight proposal. (Col 1520).

The letter also gave the impression that poor or missed diagnoses in primary care were responsible for disproportionately finding cancer in A&E, which was disputed on social media Twitter by medics suggesting similar use of statistics had been previously corrected, when NHS England retracted it last autumn. Another lesson not learned. Is it an abuse of statistical data if whilst factual, it is knowingly being misunderstood and creating misinformation.  One could also ask, is this not an abuse of the power of data and anecdote?

Dante was a tad cheeky in the Comedy. He sought to create his own immortality. By retelling the stories of the damned, he created his own power over them. He controls the narrative, selecting whose stories get shared and those which do not. He is selective with the truth. He believes that by interpreting others’ stories he could give them, and himself, an eternal life. He puts himself among the great poets who have gone before him and enjoys their glory.

He is led through Hell, by Virgil, someone he both adulates and trusts.

So too patients need leadership we can trust and respect. We need transparent and accurate truth, if we are to build trust. There is no room for emotional blackmail.

There should be no power struggle in a free decision. Like in the Divine Comedy, there’s lots of rights and wrongs, differing ethics  and moral dilemmas to consider. But judgement should not be made.

Personally I believe it is not right that we parents should determine now what should be our children’s choice, with no correction nor future opt out. Not everyone *is* a willing research patient, and that’s OK. Others may want to be as involved as possible. Only 4% of the population are blood donors, but I’m not going to browbeat anyone into doing it who isn’t.

A stick is still a stick, even if you tell us in your opinion, it’s the right thing to do. You want to empower patients? Prove it. Empower us with statutory opt out and trust us to make our own choice.

Put patients first and show us you mean it.

Will it become a productive process putting patients’ choice and empowerment first, or is it all talk, hurling stones at one another, going round in circles and building nothing?

Does Mr. Hunt, Government and NHS England really want to involve patients about decisions made in the NHS, and in the use of our health data in particular?

What powers-at-be are deciding how our data is managed and governed and who can have it and why?

One of my favourite mottos is found in ‘Inferno’, Dante’s Hell.

“The hottest places in hell are reserved for those who, in a time of moral crisis, maintain their neutrality.”

In Dante’s Commedia, treachery against religion and against government are both reserved for Hell’s final circle.

I hope my public stance is helpful. I fear it has become a bit of a rant.  Apathy is neutral. But this is no time for neutrality.  There are those in power who make decisions, those with power who influence them and the rest of us. We need to speak up.

To protect our patient choice and to ask to exercise our patient power, so oft championed in word by NHS England and Government, feels so far, rather a risky position to take and challenge what is yet an empty promise.   But public opinion should not be ignored when considering what is deemed to be in the  Public Interest.  We need a more interested public to understand what it will mean if our health data is given freely to third parties, perhaps cross borders, in pseudonymous form without data protection controls or any need to respect consent or inform us. Not just today, but for our lifetime and beyond.

We need some good interpretation and good bridge builders.

We need leaders we can trust to lead us through this process and positively out the other side.

..”every single NHS patient should have a right to opt out of having their data used in anonymised scientific research. I think that was the right thing to do. Of course we are having a difficult debate, but its purpose is to carry the public with us so that we can go on to make important scientific discoveries.”

[Jeremy Hunt, 25th February 2014 – col 148]

Power to the People, was timely this week. Is it all talk, or do you trust us to make our own choices? Trust is a two-way process. You want us to trust the system? Give us a statutory opt out. Get the governance and oversight procedures sorted out.  Narrow the commercial purposes for which data can be used.

I think patients can see the benefits of the programme, but it’s going to be hell getting to a workable solution if basic patient empowerment is left off the discussion table. After all, it’s our data.

PS: (The remix of power to the people may be better than the original.) Maybe there’s a second chance for most things.

 

An ode to care (dot) data

To be or not to be, that is the question.
O, what men dare do!
Two gentleman of Verona
Measure for measure
and in a Midsummer’s Night’s Dream
And like the baseless fabric of this vision
imagined there would be much ado about nothing.
Mum’s the word!
But this denoted a foregone conclusion.
Open-eyed conspiracy!
Wherefore are these things hid?

Oft expectation fails, and most oft there
Where most it promises.
The plan would be a winter’s tale.
But as you like it
or as not
Damn’d be him that first cries, ‘hold enough’!
These tedious old fools!
The tempest doth make delay.

Will the work done be love’s labour lost?
Will the storm nay be calmed?
Sigh no more, ladies, sigh no more,
Men were deceivers ever.

Would they want that chinks be earned
Gold? Yellow, glittering, precious gold?
No, Gods, I am no idle votarist!
All gold and silver rather turn to dirt!
As ’tis no better reckon’d, but of those
who have want.
“Shylock, we would have moneys,” you say so
the pound of flesh which I demand of him
is dearly bought. ‘Tis mine.

What might be toward, that this sweaty haste
Doth make the night joint-laborer with the day:
Who is’t that can inform me?
Friends, Romans, countrymen, lend me your ears!
Who bare my letter, then, to Romeo?
The letter was not nice but full of charge,
Of dear import, and the neglecting it
May do much danger!

Ignorance is the curse of God;
knowledge is the wing wherewith we fly to heaven.
No legacy is so rich as honesty.

For all this same, I’ll hide me hereabout.
His looks I fear, and his intents I doubt.
And exempt from public haunt,
finds tongues in trees.
You are thought here to the most senseless and fit man for the job.
Alas poor Yorrick
a fellow of infinite jest, of most excellent fancy.
Conscience doth make cowards of us all.

And enterprises of great pitch and moment
With this regard their currents turn awry,
And lose the name of action.
What’s more to do,
Which would be planted newly with the time,
How poor are they that have not patience!
Yet, do thy worst, old Time: despite thy wrong.

Don’t trust the person who has broken faith once?
The quality of mercy is not strain’d
I have spoke thus much
To mitigate the justice of thy plea
If we should fail –
We fail!
But screw your courage to the sticking-place,
And we’ll not fail.
All’s well if all ends well.
Love all, trust a few, do wrong to none.

Now this overdone or come tardy off,
though it make the unskillful laugh,
cannot but make the judicious grieve,
the censure of the which one must in your allowance
o’erweigh a whole theatre of others.

What’s done can’t be undone.
Forget, forgive, conclude, and be agreed: Our doctors say this is no time to bleed.

*****
Words taken in tribute,  from the works of Shakespeare
(23 April 1564 – 23 April 1616). 

All his words, not necessarily in the right order.
Celebrated on the date of the 450th anniversary of his birth, on  Metro considered, what if Shakespeare had Twitter?